
Bug#964158: buster-pu: package cacti/1.2.2+ds1-2+deb10u3



Package: release.debian.org
User: release.debian.org@packages.debian.org
Usertags: pu
Tags: buster
Severity: normal

Dear SRM,

There have been several CVE reports against cacti since the last
security update. I have created a new package based on the upstream
patches that fix those issues. Unfortunately, upstream has a tendency to
regularly add a bit of fluff to those types of patches. In this case,
upstream has canonized the solution for html escaping. To avoid making
mistakes, I have left those canonizations in the patch, making it
slightly bigger than necessary for the pure fix, but I believe at lower
risk.

The reason why I started this PU is however a different issue
(https://github.com/Cacti/cacti/issues/3245), where the graphs that are
produced by cacti can't be manipulated for dates after Sep 13 2020. As
generating graphs and having the possibility to view them is the core
purpose of cacti, I consider this a severe bug that I would like to fix.

I have run the cacti autopkgtest on the proposed package. Although I'd
like to add reproducers for several CVE issues to the autopkgtest suite,
this proposal has been sitting on my laptop long enough. If I create
one, I'll let you know.

Is it OK to upload?

Paul

-- System Information:
Debian Release: bullseye/sid
  APT prefers testing
  APT policy: (990, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.7.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
diff -Nru cacti-1.2.2+ds1/debian/changelog cacti-1.2.2+ds1/debian/changelog
--- cacti-1.2.2+ds1/debian/changelog	2019-12-29 19:53:28.000000000 +0100
+++ cacti-1.2.2+ds1/debian/changelog	2020-06-18 22:34:41.000000000 +0200
@@ -1,3 +1,25 @@
+cacti (1.2.2+ds1-2+deb10u3) buster; urgency=medium
+
+  * Unix timestamps after Sep 13 2020 are rejected as graph start/end
+    arguments (Upstream bug #3245)
+  * CVE-2020-7237: Remote Code Execution (by privileged users) via shell
+    metacharacters in the Performance Boost Debug Log field of
+    poller_automation.php. OS commands are executed when a new poller
+    cycle begins. The attacker must be authenticated, and must have access
+    to modify the Performance Settings of the product. (Closes: #949997)
+  * CVE-2020-7106: XSS in data_sources.php, color_templates_item.php,
+    graphs.php, graph_items.php, lib/api_automation.php, user_admin.php,
+    and user_group_admin.php, as demonstrated by the description parameter
+    in data_sources.php (a raw string from the database that is displayed
+    by $header to trigger the XSS). (Closes: #949996)
+  * CVE-2020-13230: Disabling an user account does not immediately
+    invalidate any permissions granted to that account (e.g., permission
+    to view logs)
+  * CVE-2020-13231: auth_profile.php?action=edit allows CSRF for an admin
+    email change
+
+ -- Paul Gevers <elbrus@debian.org>  Thu, 18 Jun 2020 22:34:41 +0200
+
 cacti (1.2.2+ds1-2+deb10u2) buster-security; urgency=medium
 
   * Non-maintainer upload by the Security Team.
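Review bot: The CVE-2020-13230 bullet reads "Disabling an user account", which should be "a user account". The first bullet and the CVE-2020-13230 and CVE-2020-13231 bullets also describe the defect rather than the change made; wording each as the fix and naming the file under debian/patches that carries it would let a reader match changelog entries to patches.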
diff -Nru cacti-1.2.2+ds1/debian/patches/107bfecebfdd060a81b91f146471648ebb7284a0.patch cacti-1.2.2+ds1/debian/patches/107bfecebfdd060a81b91f146471648ebb7284a0.patch
--- cacti-1.2.2+ds1/debian/patches/107bfecebfdd060a81b91f146471648ebb7284a0.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/107bfecebfdd060a81b91f146471648ebb7284a0.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,45 @@
+From 107bfecebfdd060a81b91f146471648ebb7284a0 Mon Sep 17 00:00:00 2001
+From: TheWitness <thewitness@cacti.net>
+Date: Thu, 12 Mar 2020 18:56:29 -0400
+Subject: [PATCH] Fixing Issue #3342
+
+CSRF at Admin Email
+---
+ CHANGELOG          |  1 +
+ include/global.php | 16 +++++++++++++++-
+ 2 files changed, 16 insertions(+), 1 deletion(-)
+
+Index: cacti/include/global.php
+===================================================================
+--- cacti.orig/include/global.php
++++ cacti/include/global.php
+@@ -164,7 +164,7 @@ if (empty($database_port)) {
+ }
+ 
+ /* set URL path */
+-if (! isset($url_path)) {
++if (!isset($url_path)) {
+ 	$url_path = '';
+ }
+ $config['url_path'] = $url_path;
+@@ -442,6 +442,20 @@ if ($config['is_web']) {
+ 			exit;
+ 		}
+ 	}
++
++	/* check for save actions using GET */
++	if (isset_request_var('action')) {
++		$action = get_nfilter_request_var('action');
++
++		$bad_actions = array('save', 'update_data', 'changepassword');
++
++		foreach($bad_actions as $bad) {
++			if ($action == $bad && !isset($_POST['__csrf_magic'])) {
++				cacti_log('WARNING: Attempt to use GET method for POST operations from IP ' . get_client_addr(), false, 'WEBUI');
++				exit;
++			}
++		}
++	}
+ }
+ 
+ api_plugin_hook('config_insert');
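Review bot: In the block added after line 442 of include/global.php, the test !isset($_POST['__csrf_magic']) only checks that a token field is present in the POST body, not that it is valid, and the log text says "GET method" although the request method is never inspected. If the token is validated elsewhere, a comment saying so would help, and checking $_SERVER['REQUEST_METHOD'] would make the condition match the message. The check is also a fixed three-entry list compared with loose ==, so any other state-changing action name is not covered; in_array($action, $bad_actions, true) would be tidier, and the bare exit could set a 4xx status so the rejection is visible to the client.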
diff -Nru cacti-1.2.2+ds1/debian/patches/25abe64483752f7585ae17b699167b0abe849833.patch cacti-1.2.2+ds1/debian/patches/25abe64483752f7585ae17b699167b0abe849833.patch
--- cacti-1.2.2+ds1/debian/patches/25abe64483752f7585ae17b699167b0abe849833.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/25abe64483752f7585ae17b699167b0abe849833.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,209 @@
+From 25abe64483752f7585ae17b699167b0abe849833 Mon Sep 17 00:00:00 2001
+From: TheWitness <thewitness@cacti.net>
+Date: Fri, 13 Mar 2020 18:49:28 -0400
+Subject: [PATCH] Fixing Issue #3343 and outstanding issue with #3342
+
+---
+ CHANGELOG            |  3 ++-
+ auth_profile.php     | 11 +++++++++--
+ include/layout.js    | 24 ++++++++++++++++--------
+ lib/auth.php         | 20 ++++++++++++++++++++
+ logout.php           |  9 ++++-----
+ user_group_admin.php |  4 ++++
+ 6 files changed, 55 insertions(+), 16 deletions(-)
+
+diff --git a/auth_profile.php b/auth_profile.php
+index ca35554ce..255f7216a 100644
+--- a/auth_profile.php
++++ b/auth_profile.php
+@@ -616,7 +616,10 @@ function() {
+ 				value = $(this).val();
+ 			}
+ 
+-			$.get('auth_profile.php?tab='+currentTab+'&action=update_data&name='+name+'&value='+value, function() {
++			$.post('auth_profile.php?tab='+currentTab+'&action=update_data', {
++				__csrf_magic: csrfMagicToken,
++				name: name,
++				value: value
+ 			});
+ 		}).change(function() {
+ 			name  = $(this).attr('id');
+@@ -630,7 +633,11 @@ function() {
+ 				value = $(this).val();
+ 			}
+ 
+-			$.get('auth_profile.php?tab='+currentTab+'&action=update_data&name='+name+'&value='+value, function() {
++			$.post('auth_profile.php?tab='+currentTab+'&action=update_data', {
++				__csrf_magic: csrfMagicToken,
++				name: name,
++				value: value
++				}, function() {
+ 				if (name == 'selected_theme' || name == 'user_language') {
+ 					document.location = 'auth_profile.php?action=edit';
+ 				}
+diff --git a/include/layout.js b/include/layout.js
+index e1e90c2a4..01d2d370f 100644
+--- a/include/layout.js
++++ b/include/layout.js
+@@ -760,7 +760,11 @@ function renderLanguages() {
+ 				var value = $(this).val();
+ 				var page  = basename(location.pathname);
+ 				if (page == 'auth_profile.php') {
+-					$.get('auth_profile.php?tab='+currentTab+'&action=update_data&name='+name+'&value='+value, function() {
++					$.post('auth_profile.php?tab='+currentTab+'&action=update_data', {
++						__csrf_magic: csrfMagicToken,
++						name: name,
++						value: value
++						}, function() {
+ 						if (name == 'selected_theme' || name == 'user_language') {
+ 							document.location = 'auth_profile.php?action=edit';
+ 						}
+@@ -1683,20 +1687,20 @@ function loadTopTab(href, id, force) {
+ 
+ 		$.ajaxQ.abortAll();
+ 		$.get(url)
+-			.done(function(html) {
+-				var htmlObject  = $(html);
+-				var matches     = html.match(/<title>(.*?)<\/title>/);
++			.done(function(data) {
++				var htmlObject  = $(data);
++				var matches     = data.match(/<title>(.*?)<\/title>/);
+ 
+ 				if (matches != null) {
+ 					var htmlTitle   = matches[1];
+ 					var breadCrumbs = htmlObject.find('#breadcrumbs').html();
+-					var parts       = html.split('</title>');
++					var parts       = data.split('</title>');
+ 					var data        = parts[1];
+ 
+ 					checkForLogout(data);
+ 
+ 					$('title').text(htmlTitle);
+-					$('#breadcrumbs').html(breadCrumbs);
++					$('#breadcrumbs').data(breadCrumbs);
+ 					$('div[class^="ui-"]').remove();
+ 					$('#cactiContent').replaceWith(data);
+ 
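Review bot: In loadTopTab, the rename of html to data has also changed a jQuery method call: $('#breadcrumbs').html(breadCrumbs) became $('#breadcrumbs').data(breadCrumbs), which calls the data-store API and no longer writes the breadcrumb markup into the element. That line should stay .html(breadCrumbs). The callback parameter is now also named data while the body still declares "var data = parts[1];", so the parameter is redeclared and reassigned halfway through the function; a distinct name for the post-title remainder would avoid that.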
+@@ -1707,9 +1711,9 @@ function loadTopTab(href, id, force) {
+ 
+ 					pushState(myTitle, href);
+ 				} else {
+-					checkForLogout(html);
++					checkForLogout(data);
+ 
+-					$('#cactiContent').replaceWith(html);
++					$('#cactiContent').replaceWith(data);
+ 
+ 					thref = stripHeaderSuppression(href);
+ 
+@@ -2827,9 +2831,13 @@ function checkForLogout(data) {
+ 		return true;
+ 	} else if (typeof data === 'object') {
+ 		return true;
++	} else if (data.indexOf('cactiLoginSuspend') >= 0) {
++		document.location = urlPath + 'logout.php?action=disabled';
+ 	} else if (data.indexOf('cactiLoginLogo') >= 0) {
+ 		document.location = urlPath + 'logout.php?action=timeout';
+ 	}
++
++	return false;
+ }
+ 
+ function clearGraphFilter() {
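Review bot: With the added "return false;" at the end of checkForLogout, the two branches that set document.location (cactiLoginSuspend and cactiLoginLogo) now fall through and return false, the same value as when no logout marker was found. If callers are meant to use the return value, the redirect branches should return something distinguishable; if not, a short comment on what the return value means would help. Both markers are matched with indexOf on the whole response body, so the suspend check has to stay ahead of the cactiLoginLogo check as written here.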
+diff --git a/lib/auth.php b/lib/auth.php
+index 7c4f4552c..e03da9f13 100644
+--- a/lib/auth.php
++++ b/lib/auth.php
+@@ -324,6 +324,8 @@ function user_disable($user_id) {
+ 	/* ==================================================== */
+ 
+ 	db_execute_prepared("UPDATE user_auth SET enabled = '' WHERE id = ?", array($user_id));
++
++	reset_user_perms($user_id);
+ }
+ 
+ /* user_enable - enable a user account
+@@ -334,6 +336,8 @@ function user_enable($user_id) {
+ 	/* ==================================================== */
+ 
+ 	db_execute_prepared("UPDATE user_auth SET enabled = 'on' WHERE id = ?", array($user_id));
++
++	reset_user_perms($user_id);
+ }
+ 
+ /* get_auth_realms - return a list of system user authentication realms */
+@@ -687,6 +691,22 @@ function is_realm_allowed($realm) {
+ 			kill_session_var('sess_user_realms');
+ 			kill_session_var('sess_user_config_array');
+ 			kill_session_var('sess_config_array');
++
++			$enabled = db_fetch_cell_prepared('SELECT enabled
++				FROM user_auth
++				WHERE id = ?',
++				array($_SESSION['sess_user_id']));
++
++			if ($enabled == '') {
++				db_execute_prepared('DELETE FROM user_auth_cache
++					WHERE user_id = ?',
++					array($_SESSION['sess_user_id']));
++
++				kill_session_var('sess_user_id');
++
++				print '<span style="display:none;">cactiLoginSuspend</span>';
++				exit;
++			}
+ 		}
+ 
+ 		if (isset($_SESSION['sess_user_realms'][$realm])) {
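Review bot: The new enabled check in is_realm_allowed sits inside the existing branch that clears the cached session variables, whose condition is above the hunk, so it only runs when that branch is taken; it is worth confirming that reset_user_perms() reliably triggers it on the disabled user's next request. When the account is disabled only sess_user_id is removed and the rest of the session is left in place, so destroying the session here would be more thorough. The response is a bare hidden span followed by exit, which works for the AJAX path handled in layout.js but leaves a blank page on a normal page load.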
+diff --git a/logout.php b/logout.php
+index 93c7b3d59..c73c2af6c 100644
+--- a/logout.php
++++ b/logout.php
+@@ -75,9 +75,7 @@
+ 	include('./include/global_session.php');
+ 	print "</body>
+ 	</html>\n";
+-} elseif (read_config_option('auth_method') == '2') {
+-	clear_auth_cookie();
+-
++} elseif (get_request_var('action') == 'disabled') {
+ 	print "<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN' 'http://www.w3.org/TR/html4/loose.dtd'>\n";
+ 	print "<html>\n";
+ 	print "<head>\n";
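Review bot: The first logout.php hunk replaces the branch "elseif (read_config_option('auth_method') == '2')" together with its clear_auth_cookie() call, and nothing in this patch re-adds either (the diffstat shows 4 additions and 5 removals for the file). Please check that logging out with auth_method 2 still clears the auth cookie, and that logout.php?action=timeout, which checkForLogout still redirects to, still has a branch that renders the timeout message.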
+@@ -91,14 +89,15 @@
+ 	<div class='logoutLeft'></div>
+ 	<div class='logoutCenter'>
+ 		<div class='logoutArea'>
+-			<div class='cactiLogoutLogo'></div>
++			<div class='cactiLogoutLogo cactiLoginSuspend'></div>
+ 			<legend>" . __('Automatic Logout') . "</legend>
+ 			<div class='logoutTitle'>
+-				<p>" . __('You have been logged out of Cacti due to a session timeout.') . "</p>
++				<p>" . __('You have been logged out of Cacti due to an account suspension.') . "</p>
+ 				<p>" . __('Please close your browser or %sLogin Again%s', '</p><center>[<a href="index.php">', '</a>]</center>') . "
+ 			</div>
+ 			<div class='logoutErrors'></div>
+ 		</div>
++		<div class='versionInfo'>" . __('Version %s', $version) . " | " . COPYRIGHT_YEARS_SHORT . "</div>
+ 	</div>
+ 	<div class='logoutRight'></div>
+ 	<script type='text/javascript'>
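Review bot: The added versionInfo line uses $version and COPYRIGHT_YEARS_SHORT, neither of which is introduced by this patch. As this is applied to 1.2.2, please confirm both are defined by the time logout.php reaches this print statement, otherwise the suspension page emits a notice or the literal constant name.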
+diff --git a/user_group_admin.php b/user_group_admin.php
+index 4526284ed..7f3de7d88 100644
+--- a/user_group_admin.php
++++ b/user_group_admin.php
+@@ -183,10 +183,14 @@
+ 
+ function user_group_disable($id) {
+ 	db_execute_prepared("UPDATE user_auth_group SET enabled = '' WHERE id = ?", array($id));
++
++	reset_group_perms($id);
+ }
+ 
+ function user_group_enable($id) {
+ 	db_execute_prepared("UPDATE user_auth_group SET enabled = 'on' WHERE id = ?", array($id));
++
++	reset_group_perms($id);
+ }
+ 
+ function user_group_remove($id) {
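Review bot: user_group_disable() and user_group_enable() rely on reset_group_perms($id), which this patch calls but does not define (user_group_admin.php has only these four added lines). Please confirm it exists in the 1.2.2 base. Note also that the check added to is_realm_allowed only reads user_auth.enabled, so for a disabled group the revocation depends entirely on what reset_group_perms() invalidates.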
diff -Nru cacti-1.2.2+ds1/debian/patches/28fcdb9c60d1feee08c25c7c8bb61bf707f201bc.patch cacti-1.2.2+ds1/debian/patches/28fcdb9c60d1feee08c25c7c8bb61bf707f201bc.patch
--- cacti-1.2.2+ds1/debian/patches/28fcdb9c60d1feee08c25c7c8bb61bf707f201bc.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/28fcdb9c60d1feee08c25c7c8bb61bf707f201bc.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,109 @@
+From 28fcdb9c60d1feee08c25c7c8bb61bf707f201bc Mon Sep 17 00:00:00 2001
+From: netniV <netniv@hotmail.com>
+Date: Sat, 22 Feb 2020 00:43:56 +0000
+Subject: [PATCH] Unix timestamps after Sep 13 2020 are rejected as graph
+ start/end arguments
+
+Closes #3245
+---
+ graph_image.php              | 4 ++--
+ graph_json.php               | 4 ++--
+ graph_xport.php              | 4 ++--
+ include/global_constants.php | 7 ++++---
+ remote_agent.php             | 4 ++--
+ 5 files changed, 12 insertions(+), 11 deletions(-)
+
+diff --git a/graph_image.php b/graph_image.php
+index b9a61a476..b2ccbb7c2 100644
+--- a/graph_image.php
++++ b/graph_image.php
+@@ -80,12 +80,12 @@
+ session_write_close();
+ 
+ /* override: graph start time (unix time) */
+-if (!isempty_request_var('graph_start') && get_request_var('graph_start') < 1600000000) {
++if (!isempty_request_var('graph_start') && get_request_var('graph_start') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 	$graph_data_array['graph_start'] = get_request_var('graph_start');
+ }
+ 
+ /* override: graph end time (unix time) */
+-if (!isempty_request_var('graph_end') && get_request_var('graph_end') < 1600000000) {
++if (!isempty_request_var('graph_end') && get_request_var('graph_end') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 	$graph_data_array['graph_end'] = get_request_var('graph_end');
+ }
+ 
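Review bot: In graph_image.php the graph_start and graph_end comparisons against FILTER_VALIDATE_MAX_DATE_AS_INT are made without the is_numeric() test that the graph_xport.php hunk has; the same applies to graph_json.php and remote_agent.php. Unless get_request_var() already guarantees an integer here, adding is_numeric() in all four files would make the bound check consistent, and a lower bound would be worth considering at the same time.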
+diff --git a/graph_json.php b/graph_json.php
+index ef752dd5e..91d73c09d 100644
+--- a/graph_json.php
++++ b/graph_json.php
+@@ -69,12 +69,12 @@
+ $graph_data_array = array();
+ 
+ /* override: graph start time (unix time) */
+-if (!isempty_request_var('graph_start') && get_request_var('graph_start') < 1600000000) {
++if (!isempty_request_var('graph_start') && get_request_var('graph_start') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 	$graph_data_array['graph_start'] = get_request_var('graph_start');
+ }
+ 
+ /* override: graph end time (unix time) */
+-if (!isempty_request_var('graph_end') && get_request_var('graph_end') < 1600000000) {
++if (!isempty_request_var('graph_end') && get_request_var('graph_end') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 	$graph_data_array['graph_end'] = get_request_var('graph_end');
+ }
+ 
+diff --git a/graph_xport.php b/graph_xport.php
+index fecd8f5b3..0435ba603 100644
+--- a/graph_xport.php
++++ b/graph_xport.php
+@@ -48,12 +48,12 @@
+ $graph_data_array = array();
+ 
+ /* override: graph start time (unix time) */
+-if (!isempty_request_var('graph_start') && is_numeric(get_request_var('graph_start')) && get_request_var('graph_start') < 1600000000) {
++if (!isempty_request_var('graph_start') && is_numeric(get_request_var('graph_start')) && get_request_var('graph_start') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 	$graph_data_array['graph_start'] = get_request_var('graph_start');
+ }
+ 
+ /* override: graph end time (unix time) */
+-if (!isempty_request_var('graph_end') && is_numeric(get_request_var('graph_end')) && get_request_var('graph_end') < 1600000000) {
++if (!isempty_request_var('graph_end') && is_numeric(get_request_var('graph_end')) && get_request_var('graph_end') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 	$graph_data_array['graph_end'] = get_request_var('graph_end');
+ }
+ 
+diff --git a/include/global_constants.php b/include/global_constants.php
+index c69f10885..b0c5758df 100644
+--- a/include/global_constants.php
++++ b/include/global_constants.php
+@@ -393,9 +393,10 @@
+ define('MAX_DISPLAY_PAGES', 5);
+ define('CHECKED', 'on');
+ 
+-define('FILTER_VALIDATE_IS_REGEX',          99999);
+-define('FILTER_VALIDATE_IS_NUMERIC_ARRAY', 100000);
+-define('FILTER_VALIDATE_IS_NUMERIC_LIST',  100001);
++define('FILTER_VALIDATE_MAX_DATE_AS_INT', 2088385563);
++define('FILTER_VALIDATE_IS_REGEX',             99999);
++define('FILTER_VALIDATE_IS_NUMERIC_ARRAY',    100000);
++define('FILTER_VALIDATE_IS_NUMERIC_LIST',     100001);
+ 
+ /* socket errors */
+ define('ENOTSOCK',        88);
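Review bot: FILTER_VALIDATE_MAX_DATE_AS_INT is defined as 2088385563 with no comment, so the cutoff is still a fixed ceiling (below the 32-bit limit of 2147483647) and the same rejection will recur once timestamps pass it. A comment stating which date the value represents and why it was chosen would help. The constant is a value bound, not a filter id like the three FILTER_VALIDATE_IS_* entries it is grouped with, and re-aligning those three lines enlarges the diff without changing them.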
+diff --git a/remote_agent.php b/remote_agent.php
+index df21586d5..f0e9c9b76 100644
+--- a/remote_agent.php
++++ b/remote_agent.php
+@@ -185,12 +185,12 @@ function get_graph_data() {
+ 	$graph_data_array = array();
+ 
+ 	/* override: graph start time (unix time) */
+-	if (!isempty_request_var('graph_start') && get_request_var('graph_start') < 1600000000) {
++	if (!isempty_request_var('graph_start') && get_request_var('graph_start') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 		$graph_data_array['graph_start'] = get_request_var('graph_start');
+ 	}
+ 
+ 	/* override: graph end time (unix time) */
+-	if (!isempty_request_var('graph_end') && get_request_var('graph_end') < 1600000000) {
++	if (!isempty_request_var('graph_end') && get_request_var('graph_end') < FILTER_VALIDATE_MAX_DATE_AS_INT) {
+ 		$graph_data_array['graph_end'] = get_request_var('graph_end');
+ 	}
+ 
diff -Nru cacti-1.2.2+ds1/debian/patches/47a000b5aba4af16967e249b25f25397506e3464.patch cacti-1.2.2+ds1/debian/patches/47a000b5aba4af16967e249b25f25397506e3464.patch
--- cacti-1.2.2+ds1/debian/patches/47a000b5aba4af16967e249b25f25397506e3464.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/47a000b5aba4af16967e249b25f25397506e3464.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,23 @@
+From 47a000b5aba4af16967e249b25f25397506e3464 Mon Sep 17 00:00:00 2001
+From: cigamit <jimmy@sqmail.org>
+Date: Sun, 19 Jan 2020 09:13:16 -0600
+Subject: [PATCH] One more update relative to #3191
+
+One additional lack of proper exscaping of stored database value.
+---
+ lib/reports.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: cacti/lib/reports.php
+===================================================================
+--- cacti.orig/lib/reports.php
++++ cacti/lib/reports.php
+@@ -702,7 +702,7 @@ function reports_generate_html($reports_
+ 		} else {
+ 			$outstr .= "\t\t\t<td class='title' style='text-align:" . $alignment[$report['alignment']] . ";font-size:" . $report['font_size'] . "pt;'>" . PHP_EOL;
+ 		}
+-		$outstr .= "\t\t\t\t" . $report['name'] . PHP_EOL;
++		$outstr .= "\t\t\t\t" . html_escape($report['name']) . PHP_EOL;
+ 		$outstr .= "\t\t\t</td>" . PHP_EOL;
+ 		$outstr .= "\t\t</tr>" . PHP_EOL;
+ 		# this function should be called only at the appropriate targeted time when in batch mode
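Review bot: html_escape() is applied to $report['name'], but the context line two above it still concatenates $alignment[$report['alignment']] and $report['font_size'] into a style attribute without escaping. If those columns come from the same stored report row, they should either be escaped or be validated as a known alignment key and a number before being written into the attribute.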
diff -Nru cacti-1.2.2+ds1/debian/patches/4cbb045e03ee20a2bd09094a201a925fbb8a39d9.patch cacti-1.2.2+ds1/debian/patches/4cbb045e03ee20a2bd09094a201a925fbb8a39d9.patch
--- cacti-1.2.2+ds1/debian/patches/4cbb045e03ee20a2bd09094a201a925fbb8a39d9.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/4cbb045e03ee20a2bd09094a201a925fbb8a39d9.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,843 @@
+From 4cbb045e03ee20a2bd09094a201a925fbb8a39d9 Mon Sep 17 00:00:00 2001
+From: cigamit <jimmy@sqmail.org>
+Date: Wed, 15 Jan 2020 19:56:32 -0600
+Subject: [PATCH] Resolving Issue #3191
+
+* Vulnerability report: Lack of escaping on some pages can lead
+to XSS exposure
+* Also cleaning up additional copyrights
+* Make the way filter headers are escaped consistent
+---
+ CHANGELOG                   |  2 ++
+ aggregate_graphs.php        |  4 ++--
+ aggregate_templates.php     |  2 +-
+ automation_graph_rules.php  |  2 +-
+ automation_networks.php     |  2 +-
+ automation_snmp.php         |  4 ++--
+ automation_templates.php    |  2 +-
+ automation_tree_rules.php   |  2 +-
+ cdef.php                    |  2 +-
+ color.php                   |  2 +-
+ color_templates.php         |  4 ++--
+ color_templates_items.php   |  4 ++--
+ data_debug.php              |  3 +--
+ data_input.php              |  6 ++---
+ data_queries.php            |  4 ++--
+ data_source_profiles.php    |  2 +-
+ data_sources.php            |  8 +++----
+ data_templates.php          |  2 +-
+ gprint_presets.php          |  2 +-
+ graph_templates.php         |  4 ++--
+ graph_templates_inputs.php  |  2 +-
+ graph_templates_items.php   |  2 +-
+ graphs.php                  | 10 ++++-----
+ graphs_items.php            |  4 ++--
+ graphs_new.php              |  2 +-
+ host.php                    |  2 +-
+ host_templates.php          |  2 +-
+ lib/api_automation.php      |  4 ++--
+ lib/html_reports.php        | 14 ++++++------
+ managers.php                | 42 +++++++++++++++++------------------
+ pollers.php                 |  2 +-
+ rrdcleaner.php              |  1 -
+ sites.php                   |  2 +-
+ snmpagent_mibcache.php      | 40 ++++++++++++++++-----------------
+ snmpagent_mibcachechild.php | 40 ++++++++++++++++-----------------
+ snmpagent_persist.php       | 44 ++++++++++++++++++-------------------
+ tree.php                    |  2 +-
+ user_admin.php              | 20 ++++++++---------
+ user_domains.php            |  2 +-
+ user_group_admin.php        | 18 +++++++--------
+ utilities.php               |  2 +-
+ vdef.php                    |  4 ++--
+ 42 files changed, 162 insertions(+), 162 deletions(-)
+
+Index: cacti/aggregate_graphs.php
+===================================================================
+--- cacti.orig/aggregate_graphs.php
++++ cacti/aggregate_graphs.php
+@@ -547,7 +547,7 @@ function item() {
+ 			ORDER BY gti.sequence',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Graph Items [edit: %s]', html_escape(get_graph_title(get_request_var('id'))));
++		$header_label = __esc('Graph Items [edit: %s]', get_graph_title(get_request_var('id')));
+ 	}
+ 
+ 	$graph_template_id = db_fetch_cell_prepared('SELECT graph_template_id
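Review bot: This patch switches every header label from __('...', html_escape($x)) to __esc('...', $x), but the hunks shown only call __esc() and do not define it. For the backport to 1.2.2, please confirm __esc() exists in the base and escapes the substituted argument; if it is missing, every edit page touched here fails, and if it behaves differently from html_escape() the escaping that was already present is lost.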
+@@ -606,7 +606,7 @@ function graph_edit() {
+ 			$aginfo['title_format'] = get_graph_title($graphs['local_graph_id']);
+ 		}
+ 
+-		$header_label = '[edit: ' . html_escape(get_graph_title(get_request_var('id'))) . ']';
++		$header_label = __esc('[edit: %s]', get_graph_title(get_request_var('id')));
+ 	}
+ 
+ 	if (cacti_sizeof($aginfo)) {
+Index: cacti/aggregate_templates.php
+===================================================================
+--- cacti.orig/aggregate_templates.php
++++ cacti/aggregate_templates.php
+@@ -348,7 +348,7 @@ function aggregate_template_edit() {
+ 			WHERE id = ?',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Aggregate Template [edit: %s]', html_escape($template['name']));
++		$header_label = __esc('Aggregate Template [edit: %s]', $template['name']);
+ 	} else {
+ 		$header_label = __('Aggregate Template [new]');
+ 	}
+Index: cacti/automation_graph_rules.php
+===================================================================
+--- cacti.orig/automation_graph_rules.php
++++ cacti/automation_graph_rules.php
+@@ -536,7 +536,7 @@ function automation_graph_rules_edit() {
+ 		}
+ 
+ 		# setup header
+-		$header_label = __('Rule Selection [edit: %s]', html_escape($rule['name']));
++		$header_label = __esc('Rule Selection [edit: %s]', $rule['name']);
+ 	} else {
+ 		$rule = array (
+ 				'name' => get_request_var('name'),
+Index: cacti/automation_networks.php
+===================================================================
+--- cacti.orig/automation_networks.php
++++ cacti/automation_networks.php
+@@ -424,7 +424,7 @@ function network_edit() {
+ 
+ 	if (!isempty_request_var('id')) {
+ 		$network = db_fetch_row_prepared('SELECT * FROM automation_networks WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('Network Discovery Range [edit: %s]', html_escape($network['name']));
++		$header_label = __esc('Network Discovery Range [edit: %s]', $network['name']);
+ 	} else {
+ 		$header_label = __('Network Discovery Range [new]');
+ 	}
+Index: cacti/automation_snmp.php
+===================================================================
+--- cacti.orig/automation_snmp.php
++++ cacti/automation_snmp.php
+@@ -395,7 +395,7 @@ function automation_snmp_item_edit() {
+ 			FROM automation_snmp_items
+ 			WHERE id = ?', array(get_request_var('item_id')));
+ 
+-		$header_label = __('SNMP Options [edit: %s]', html_escape($snmp_option['name']));
++		$header_label = __esc('SNMP Options [edit: %s]', $snmp_option['name']);
+ 	} else {
+ 		$header_label = __('SNMP Options [new]');
+ 		$automation_snmp_item = array();
+@@ -459,7 +459,7 @@ function automation_snmp_edit() {
+ 	if (!isempty_request_var('id')) {
+ 		$snmp_group = db_fetch_row_prepared('SELECT * FROM automation_snmp where id = ?', array(get_request_var('id')));
+ 		# setup header
+-		$header_label = __('SNMP Option Set [edit: %s]', html_escape($snmp_group['name']));
++		$header_label = __esc('SNMP Option Set [edit: %s]', $snmp_group['name']);
+ 	} else {
+ 		$header_label = __('SNMP Option Set [new]');
+ 	}
+Index: cacti/automation_templates.php
+===================================================================
+--- cacti.orig/automation_templates.php
++++ cacti/automation_templates.php
+@@ -326,7 +326,7 @@ function template_edit() {
+ 			array(get_request_var('id')));
+ 
+ 		if (isset($template_names[$host_template['host_template']])) {
+-			$header_label = __('Automation Templates [edit: %s]', html_escape($template_names[$host_template['host_template']]));
++			$header_label = __esc('Automation Templates [edit: %s]', $template_names[$host_template['host_template']]);
+ 		} else {
+ 			$header_label = __('Automation Templates for [Deleted Template]');
+ 		}
+Index: cacti/automation_tree_rules.php
+===================================================================
+--- cacti.orig/automation_tree_rules.php
++++ cacti/automation_tree_rules.php
+@@ -554,7 +554,7 @@ function automation_tree_rules_edit() {
+ 	$rule = array();
+ 	if (!isempty_request_var('id')) {
+ 		$rule = db_fetch_row_prepared('SELECT * FROM automation_tree_rules WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('Tree Rule Selection [edit: %s]', html_escape($rule['name']));
++		$header_label = __esc('Tree Rule Selection [edit: %s]', $rule['name']);
+ 	} else {
+ 		$header_label = __('Tree Rules Selection [new]');
+ 	}
+Index: cacti/cdef.php
+===================================================================
+--- cacti.orig/cdef.php
++++ cacti/cdef.php
+@@ -577,7 +577,7 @@ function cdef_edit() {
+ 
+ 	if (!isempty_request_var('id')) {
+ 		$cdef = db_fetch_row_prepared('SELECT * FROM cdef WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('CDEF [edit: %s]', html_escape($cdef['name']));
++		$header_label = __esc('CDEF [edit: %s]', $cdef['name']);
+ 	} else {
+ 		$header_label = __('CDEF [new]');
+ 	}
+Index: cacti/color.php
+===================================================================
+--- cacti.orig/color.php
++++ cacti/color.php
+@@ -414,7 +414,7 @@ function color_edit() {
+ 
+ 	if (!isempty_request_var('id')) {
+ 		$color = db_fetch_row_prepared('SELECT * FROM colors WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('Colors [edit: %s]', html_escape($color['hex']));
++		$header_label = __esc('Colors [edit: %s]', $color['hex']);
+ 	} else {
+ 		$header_label = __('Colors [new]');
+ 	}
+Index: cacti/color_templates.php
+===================================================================
+--- cacti.orig/color_templates.php
++++ cacti/color_templates.php
+@@ -292,7 +292,7 @@ function aggregate_color_item() {
+ 			WHERE color_template_id = ?',
+ 			array(get_request_var('color_template_id')));
+ 
+-		$header_label = __('Color Template Items [edit: %s]', html_escape($name));
++		$header_label = __esc('Color Template Items [edit: %s]', $name);
+ 	}
+ 
+ 	html_start_box($header_label, '100%', '', '3', 'center', 'color_templates_items.php?action=item_edit&color_template_id=' . html_escape_request_var('color_template_id'));
+@@ -356,7 +356,7 @@ function aggregate_color_template_edit()
+ 
+ 	if (!isempty_request_var('color_template_id')) {
+ 		$template = db_fetch_row_prepared('SELECT * FROM color_templates WHERE color_template_id = ?', array(get_request_var('color_template_id')));
+-		$header_label = __('Color Template [edit: %s]', html_escape($template['name']));
++		$header_label = __esc('Color Template [edit: %s]', $template['name']);
+ 	} else {
+ 		$header_label = __('Color Template [new]');
+ 	}
+Index: cacti/color_templates_items.php
+===================================================================
+--- cacti.orig/color_templates_items.php
++++ cacti/color_templates_items.php
+@@ -318,10 +318,10 @@ function aggregate_color_item_edit() {
+ 
+ 	if (isset_request_var('color_template_item_id') && (get_request_var('color_template_item_id') > 0)) {
+ 		$template_item = db_fetch_row_prepared('SELECT * FROM color_template_items WHERE color_template_item_id = ?', array(get_request_var('color_template_item_id')));
+-		$header_label = __('Color Template Items [edit Report Item: %s]', $template['name']);
++		$header_label = __esc('Color Template Items [edit Report Item: %s]', $template['name']);
+ 	} else {
+ 		$template_item = array();
+-		$header_label = __('Color Template Items [new Report Item: %s]', $template['name']);
++		$header_label = __esc('Color Template Items [new Report Item: %s]', $template['name']);
+ 	}
+ 
+ 	form_start('color_templates_items.php', 'aggregate_color_item_edit');
+Index: cacti/data_input.php
+===================================================================
+--- cacti.orig/data_input.php
++++ cacti/data_input.php
+@@ -469,10 +469,10 @@ function field_edit() {
+ 	}
+ 
+ 	if ($current_field_type == 'out') {
+-		$header_name = __('Output Fields [edit: %s]', html_escape($data_input['name']));
++		$header_name = __esc('Output Fields [edit: %s]', $data_input['name']);
+ 		$dfield      = __('Output Field');
+ 	} elseif ($current_field_type == 'in') {
+-		$header_name = __('Input Fields [edit: %s]', html_escape($data_input['name']));
++		$header_name = __esc('Input Fields [edit: %s]', $data_input['name']);
+ 		$dfield      = __('Input Field');
+ 	}
+ 
+@@ -555,7 +555,7 @@ function data_edit() {
+ 			WHERE id = ?',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Data Input Methods [edit: %s]', html_escape($data_input['name']));
++		$header_label = __esc('Data Input Methods [edit: %s]', $data_input['name']);
+ 	} else {
+ 		$data_input = array();
+ 
+Index: cacti/data_queries.php
+===================================================================
+--- cacti.orig/data_queries.php
++++ cacti/data_queries.php
+@@ -645,7 +645,7 @@ function data_query_item_edit() {
+ 		array(get_request_var('snmp_query_id')));
+ 
+ 	if (cacti_sizeof($snmp_query)) {
+-		$header_label = __('Associated Graph/Data Templates [edit: %s]', html_escape($snmp_query['name']));
++		$header_label = __esc('Associated Graph/Data Templates [edit: %s]', $snmp_query['name']);
+ 	} else {
+ 		$header_label = __('Associated Graph/Data Templates [new]');
+ 	}
+@@ -1085,7 +1085,7 @@ function data_query_edit() {
+ 
+ 	if (!isempty_request_var('id')) {
+ 		$snmp_query = db_fetch_row_prepared('SELECT * FROM snmp_query WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('Data Queries [edit: %s]', html_escape($snmp_query['name']));
++		$header_label = __esc('Data Queries [edit: %s]', $snmp_query['name']);
+ 	} else {
+ 		$header_label = __('Data Queries [new]');
+ 	}
+Index: cacti/data_source_profiles.php
+===================================================================
+--- cacti.orig/data_source_profiles.php
++++ cacti/data_source_profiles.php
+@@ -535,7 +535,7 @@ function profile_edit() {
+ 			AND local_data_id > 0',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Data Source Profile [edit: %s]', html_escape($profile['name']) . ($readonly ? ' (Read Only)':''));
++		$header_label = __esc('Data Source Profile [edit: %s]', $profile['name'] . ($readonly ? ' (Read Only)':''));
+ 	} else {
+ 		$header_label = __('Data Source Profile [new]');
+ 		$readonly     = false;
+Index: cacti/data_sources.php
+===================================================================
+--- cacti.orig/data_sources.php
++++ cacti/data_sources.php
+@@ -773,7 +773,7 @@ function ds_edit() {
+ 			exit;
+ 		}
+ 
+-		$header_label = __('Data Template Selection [edit: %s]', html_escape(get_data_source_title(get_request_var('id'))));
++		$header_label = __esc('Data Template Selection [edit: %s]', get_data_source_title(get_request_var('id')));
+ 
+ 		if (empty($data_local['data_template_id'])) {
+ 			$use_data_template = false;
+@@ -1018,7 +1018,7 @@ function ds_edit() {
+ 				WHERE id = ?',
+ 				array($local_data_template_rrd_id));
+ 
+-			$header_label = __('[edit: %s]', html_escape($rrd['data_source_name']));
++			$header_label = __('[edit: %s]', $rrd['data_source_name']);
+ 		} else {
+ 			$header_label = '';
+ 		}
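Review bot: the added line `$header_label = __('[edit: %s]', $rrd['data_source_name']);` drops html_escape() and keeps plain `__()`, so from this point in ds_edit() the variable holds the raw data source name. The next hunk escapes it where it is printed, via `__esc('Data Source Item %s', $header_label)`, but that is the only consumer this diff shows. Please confirm there is no other use of `$header_label` between this assignment and that print, since any such use would now emit the name unescaped.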
+@@ -1047,7 +1047,7 @@ function ds_edit() {
+ 
+ 		print "<div class='tableHeader'>
+ 			<div class='tableSubHeaderColumn left'>
+-				" . __('Data Source Item %s', $header_label) . "
++				" . __esc('Data Source Item %s', $header_label) . "
+ 			</div>
+ 			<div class='tableSubHeaderColumn right'>
+ 				" . ((!isempty_request_var('id') && (empty($data_template['id']))) ? "<a class='linkOverDark' href='" . html_escape('data_sources.php?action=rrd_add&id=' . get_request_var('id')) . "'>" . __('New') . "</a>&nbsp;" : '') . "
+Index: cacti/data_templates.php
+===================================================================
+--- cacti.orig/data_templates.php
++++ cacti/data_templates.php
+@@ -528,7 +528,7 @@ function template_edit() {
+ 			}
+ 		}
+ 
+-		$header_label = __('Data Templates [edit: %s]', html_escape($template['name']));
++		$header_label = __esc('Data Templates [edit: %s]', $template['name']);
+ 
+ 		?>
+ 		<table style='width:100%'>
+Index: cacti/gprint_presets.php
+===================================================================
+--- cacti.orig/gprint_presets.php
++++ cacti/gprint_presets.php
+@@ -183,7 +183,7 @@ function gprint_presets_edit() {
+ 
+ 	if (!isempty_request_var('id')) {
+ 		$gprint_preset = db_fetch_row_prepared('SELECT * FROM graph_templates_gprint WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('GPRINT Presets [edit: %s]', html_escape($gprint_preset['name']));
++		$header_label = __esc('GPRINT Presets [edit: %s]', $gprint_preset['name']);
+ 	} else {
+ 		$header_label = __('GPRINT Presets [new]');
+ 	}
+Index: cacti/graph_templates.php
+===================================================================
+--- cacti.orig/graph_templates.php
++++ cacti/graph_templates.php
+@@ -433,7 +433,7 @@ function item() {
+ 			ORDER BY gti.sequence",
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Graph Template Items [edit: %s]', html_escape(db_fetch_cell_prepared('SELECT name FROM graph_templates WHERE id = ?', array(get_request_var('id')))));
++		$header_label = __esc('Graph Template Items [edit: %s]', db_fetch_cell_prepared('SELECT name FROM graph_templates WHERE id = ?', array(get_request_var('id'))));
+ 	}
+ 
+ 	html_start_box($header_label, '100%', '', '3', 'center', 'graph_templates_items.php?action=item_edit&graph_template_id=' . get_request_var('id'));
+@@ -511,7 +511,7 @@ function template_edit() {
+ 			AND local_graph_id=0',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Graph Template [edit: %s]', html_escape($template['name']));
++		$header_label = __esc('Graph Template [edit: %s]', $template['name']);
+ 	} else {
+ 		$header_label = __('Graph Template [new]');
+ 	}
+Index: cacti/graph_templates_inputs.php
+===================================================================
+--- cacti.orig/graph_templates_inputs.php
++++ cacti/graph_templates_inputs.php
+@@ -142,7 +142,7 @@ function input_edit() {
+ 	get_filter_request_var('graph_template_id');
+ 	/* ==================================================== */
+ 
+-	$header_label = __('Graph Item Inputs [edit graph: %s]', html_escape(db_fetch_cell_prepared('SELECT name FROM graph_templates WHERE id = ?', array(get_request_var('graph_template_id')))));
++	$header_label = __esc('Graph Item Inputs [edit graph: %s]', db_fetch_cell_prepared('SELECT name FROM graph_templates WHERE id = ?', array(get_request_var('graph_template_id'))));
+ 
+ 	/* get a list of all graph item field names and populate an array for user display */
+ 	foreach ($struct_graph_item as $field_name => $field_array) {
+Index: cacti/graph_templates_items.php
+===================================================================
+--- cacti.orig/graph_templates_items.php
++++ cacti/graph_templates_items.php
+@@ -402,7 +402,7 @@ function item_edit() {
+ 
+ 	form_start('graph_templates_items.php', 'graph_items');
+ 
+-	$header_label = __('Graph Template Items [edit graph: %s]', html_escape(db_fetch_cell_prepared('SELECT name FROM graph_templates WHERE id = ?', array(get_request_var('graph_template_id')))));
++	$header_label = __esc('Graph Template Items [edit graph: %s]', db_fetch_cell_prepared('SELECT name FROM graph_templates WHERE id = ?', array(get_request_var('graph_template_id'))));
+ 
+ 	html_start_box($header_label, '100%', true, '3', 'center', '');
+ 
+Index: cacti/graphs.php
+===================================================================
+--- cacti.orig/graphs.php
++++ cacti/graphs.php
+@@ -1298,7 +1298,7 @@ function item() {
+ 			WHERE id = ?',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Graph Items [edit: %s]', html_escape(get_graph_title(get_request_var('id'))));
++		$header_label = __esc('Graph Items [edit: %s]', get_graph_title(get_request_var('id')));
+ 		$add_text     = 'graphs_items.php?action=item_edit' . (!empty($host_id) ? '&host_id=' . $host_id:'') . '&local_graph_id=' . get_request_var('id');
+ 		$anchor_link  = 'host_id=' . $host_id . '&local_graph_id=' . get_request_var('id');
+ 	}
+@@ -1380,7 +1380,7 @@ function graph_edit() {
+ 			exit;
+ 		}
+ 
+-		$header_label = __('Graph [edit: %s]', html_escape(get_graph_title(get_request_var('id'))));
++		$header_label = __esc('Graph [edit: %s]', get_graph_title(get_request_var('id')));
+ 
+ 		if ($graph['graph_template_id'] == '0') {
+ 			$use_graph_template = 'false';
+Index: cacti/graphs_items.php
+===================================================================
+--- cacti.orig/graphs_items.php
++++ cacti/graphs_items.php
+@@ -309,7 +309,7 @@ function item_edit() {
+ 	if (empty($host['hostname'])) {
+ 		$header = __('Data Sources [No Device]');
+ 	} else {
+-		$header = __('Data Sources [%s]', $host['hostname']);
++		$header = __esc('Data Sources [%s]', $host['hostname']);
+ 	}
+ 
+ 	html_start_box($header, '100%', '', '3', 'center', '');
+@@ -397,7 +397,7 @@ function item_edit() {
+ 		WHERE local_graph_id = ?',
+ 		array(get_request_var('local_graph_id')));
+ 
+-	$header_label = __('Graph Items [graph: %s]', html_escape($title));
++	$header_label = __esc('Graph Items [graph: %s]', $title);
+ 
+ 	form_start('graphs_items.php', 'greph_edit');
+ 
+Index: cacti/graphs_new.php
+===================================================================
+--- cacti.orig/graphs_new.php
++++ cacti/graphs_new.php
+@@ -274,7 +274,7 @@ function graphs() {
+ 				WHERE id = ?',
+ 				array($host['host_template_id']));
+ 
+-			$header =  __('New Graphs for [ %s ] (%s %s)', html_escape($host['description']), html_escape($host['hostname']), (!empty($host['host_template_id']) ? html_escape($name):''));
++			$header =  __esc('New Graphs for [ %s ] (%s %s)', $host['description'], $host['hostname'], (!empty($host['host_template_id']) ? $name:''));
+ 		} else {
+ 			$header =  __('New Graphs for [ All Devices ]');
+ 			$host['id'] = -1;
+Index: cacti/host.php
+===================================================================
+--- cacti.orig/host.php
++++ cacti/host.php
+@@ -593,7 +593,7 @@ function host_edit() {
+ 			array(get_request_var('id')));
+ 
+ 		if (cacti_sizeof($host)) {
+-			$header_label = __('Device [edit: %s]', html_escape($host['description']));
++			$header_label = __esc('Device [edit: %s]', $host['description']);
+ 			if (is_device_debug_enabled($host['id'])) {
+ 				$debug_link = "<span class='linkMarker'>*</span><a class='hyperLink' href='" . html_escape('host.php?action=disable_debug&host_id=' . $host['id']) . "'>" . __('Disable Device Debug') . "</a><br>";
+ 			} else {
+Index: cacti/host_templates.php
+===================================================================
+--- cacti.orig/host_templates.php
++++ cacti/host_templates.php
+@@ -456,7 +456,7 @@ function template_edit() {
+ 			WHERE id = ?',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Device Templates [edit: %s]', html_escape($host_template['name']));
++		$header_label = __esc('Device Templates [edit: %s]', $host_template['name']);
+ 	} else {
+ 		$header_label = __('Device Templates [new]');
+ 		set_request_var('id', 0);
+Index: cacti/lib/api_automation.php
+===================================================================
+--- cacti.orig/lib/api_automation.php
++++ cacti/lib/api_automation.php
+@@ -2073,9 +2073,9 @@ function global_item_edit($rule_id, $rul
+ 					$_fields_rule_item_edit['field']['array']);
+ 			}
+ 		}
+-		$header_label = __('Rule Item [edit rule item for %s: %s]', $title, $automation_rule['name']);
++		$header_label = __esc('Rule Item [edit rule item for %s: %s]', $title, $automation_rule['name']);
+ 	} else {
+-		$header_label = __('Rule Item [new rule item for %s: %s]', $title, $automation_rule['name']);
++		$header_label = __esc('Rule Item [new rule item for %s: %s]', $title, $automation_rule['name']);
+ 		$automation_item = array();
+ 		$automation_item['sequence'] = get_sequence('', 'sequence', $item_table, 'rule_id=' . $rule_id . $sql_and);
+ 	}
+Index: cacti/lib/html_reports.php
+===================================================================
+--- cacti.orig/lib/html_reports.php
++++ cacti/lib/html_reports.php
+@@ -731,9 +731,9 @@ function reports_item_edit() {
+ 	if (isset_request_var('item_id') && (get_filter_request_var('item_id') > 0)) {
+ 		$reports_item = db_fetch_row_prepared('SELECT * FROM reports_items WHERE id = ?', array(get_request_var('item_id')));
+ 
+-		$header_label = __('Report Item [edit Report: %s]', $report['name']);
++		$header_label = __esc('Report Item [edit Report: %s]', $report['name']);
+ 	} else {
+-		$header_label = __('Report Item [new Report: %s]', $report['name']);
++		$header_label = __esc('Report Item [new Report: %s]', $report['name']);
+ 		$reports_item = array();
+ 		$reports_item['report_id'] = get_request_var('id');
+ 		$reports_item['sequence']  = get_sequence('', 'sequence', 'reports_items', 'report_id=' . get_request_var('id'));
+@@ -1170,7 +1170,7 @@ function reports_edit() {
+ 		# reformat mailtime to human readable format
+ 		$report['mailtime'] = date(reports_date_time_format(), $report['mailtime']);
+ 		# setup header
+-		$header_label = __('[edit: %s]', html_escape($report['name']));
++		$header_label = __('[edit: %s]', $report['name']);
+ 		$tabs = array('details' => __('Details'), 'items' => __('Items'), 'preview' => __('Preview'), 'events' => __('Events'));
+ 	} else {
+ 		$header_label = __('[new]');
+@@ -1215,7 +1215,7 @@ function reports_edit() {
+ 	case 'details':
+ 		form_start(get_reports_page());
+ 
+-		html_start_box(__('Details') . " $header_label", '100%', true, '3', 'center', '');
++		html_start_box(__esc('Details %s', $header_label), '100%', true, '3', 'center', '');
+ 
+ 		draw_edit_form(array(
+ 			'config' => array('no_form_tag' => true),
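Review bot: replacing `__('Details') . " $header_label"` with `__esc('Details %s', $header_label)` changes the translatable msgid from 'Details' to 'Details %s', and the next three hunks do the same for 'Items', 'Scheduled Events' and 'Report Preview'. Unless the translation catalogs shipped in this package already contain the new msgids, these four headings fall back to English after the stable update. Keeping the old msgid and escaping only the label, in the form `__('Details') . ' ' . html_escape($header_label)` that the user_admin.php hunk of this same patch uses for 'User Permissions', would close the escaping gap without touching translations.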
+@@ -1262,7 +1262,7 @@ function reports_edit() {
+ 
+ 		break;
+ 	case 'items':
+-		html_start_box(__('Items') . " $header_label", '100%', '', '3', 'center', get_reports_page() . '?action=item_edit&id=' . get_request_var('id'));
++		html_start_box(__esc('Items %s', $header_label), '100%', '', '3', 'center', get_reports_page() . '?action=item_edit&id=' . get_request_var('id'));
+ 
+ 		/* display the items */
+ 		if (!empty($report['id'])) {
+@@ -1302,7 +1302,7 @@ function reports_edit() {
+ 		$next        = reports_interval_start($report['intrvl'], $report['count'], $report['offset'], $timestamp);
+ 		$date_format = reports_date_time_format() . ' - l';
+ 
+-		html_start_box(__('Scheduled Events') . " $header_label", '100%', '', '3', 'center', '');
++		html_start_box(__esc('Scheduled Events %s', $header_label), '100%', '', '3', 'center', '');
+ 		for ($i=0; $i<14; $i++) {
+ 			form_alternate_row('line' . $i, true);
+ 			form_selectable_cell(date($date_format, $next), $i);
+@@ -1313,7 +1313,7 @@ function reports_edit() {
+ 
+ 		break;
+ 	case 'preview':
+-		html_start_box(__('Report Preview') . " $header_label", '100%', '', '0', 'center', '');
++		html_start_box(__esc('Report Preview %s', $header_label), '100%', '', '0', 'center', '');
+ 		print "\t\t\t\t\t<tr><td>\n";
+ 		print reports_generate_html($report['id'], REPORTS_OUTPUT_STDOUT);
+ 		print "\t\t\t\t\t</td></tr>\n";
+Index: cacti/managers.php
+===================================================================
+--- cacti.orig/managers.php
++++ cacti/managers.php
+@@ -279,7 +279,7 @@ function manager_edit() {
+ 
+ 	if ($id) {
+ 		$manager = db_fetch_row_prepared('SELECT * FROM snmpagent_managers WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('SNMP Notification Receiver [edit: %s]', html_escape($manager['description']));
++		$header_label = __esc('SNMP Notification Receiver [edit: %s]', $manager['description']);
+ 	} else {
+ 		$header_label = __('SNMP Notification Receiver [new]');
+ 	}
+Index: cacti/pollers.php
+===================================================================
+--- cacti.orig/pollers.php
++++ cacti/pollers.php
+@@ -510,7 +510,7 @@ function poller_edit() {
+ 			WHERE id = ?',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Site [edit: %s]', html_escape($poller['name']));
++		$header_label = __esc('Site [edit: %s]', $poller['name']);
+ 	} else {
+ 		$poller = array();
+ 
+Index: cacti/rrdcleaner.php
+===================================================================
+--- cacti.orig/rrdcleaner.php
++++ cacti/rrdcleaner.php
+@@ -1,5 +1,4 @@
+ <?php
+-
+ /*
+  +-------------------------------------------------------------------------+
+  | Copyright (C) 2004-2019 The Cacti Group                                 |
+Index: cacti/sites.php
+===================================================================
+--- cacti.orig/sites.php
++++ cacti/sites.php
+@@ -351,7 +351,7 @@ function site_edit() {
+ 
+ 	if (!isempty_request_var('id')) {
+ 		$site = db_fetch_row_prepared('SELECT * FROM sites WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('Site [edit: %s]', html_escape($site['name']));
++		$header_label = __esc('Site [edit: %s]', $site['name']);
+ 	} else {
+ 		$header_label = __('Site [new]');
+ 	}
+Index: cacti/tree.php
+===================================================================
+--- cacti.orig/tree.php
++++ cacti/tree.php
+@@ -712,7 +712,7 @@ function tree_edit() {
+ 			WHERE id = ?',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('Trees [edit: %s]', html_escape($tree['name']) );
++		$header_label = __esc('Trees [edit: %s]', $tree['name']);
+ 
+ 		// Reset the cookie state if tree id has changed
+ 		if (isset($_SESSION['sess_tree_id']) && $_SESSION['sess_tree_id'] != get_request_var('id')) {
+Index: cacti/user_admin.php
+===================================================================
+--- cacti.orig/user_admin.php
++++ cacti/user_admin.php
+@@ -1593,7 +1593,7 @@ function user_realms_edit($header_label)
+ 
+ 	print "<div class='cactiTable' style='width:100%;text-align:left;'>
+ 		<div>
+-			<div class='cactiTableTitle'><span style='padding:3px;'>" . __('User Permissions') . " $header_label</span></div>
++			<div class='cactiTableTitle'><span style='padding:3px;'>" . __('User Permissions') . " " . html_escape($header_label) . "</span></div>
+ 			<div class='cactiTableButton'><span style='padding:3px;'><input class='checkbox' type='checkbox' id='all' name='all' title='" . __esc('Select All') . "' onClick='selectAllRealms(this.checked)'></a><label class='formCheckboxLabel' title='" . __esc('Select All') . "' for='all'></label></span></div>
+ 		</div>
+ 	</div>\n";
+@@ -1830,7 +1830,7 @@ function settings_edit($header_label) {
+ 
+ 	form_start('user_admin.php');
+ 
+-	html_start_box(__('User Settings %s', $header_label), '100%', true, '3', 'center', '');
++	html_start_box(__esc('User Settings %s', $header_label), '100%', true, '3', 'center', '');
+ 
+ 	foreach ($settings_user as $tab_short_name => $tab_fields) {
+ 		$collapsible = true;
+@@ -1960,7 +1960,7 @@ function user_edit() {
+ 
+ 	if (!isempty_request_var('id')) {
+ 		$user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('[edit: %s]', html_escape($user['username']));
++		$header_label = __('[edit: %s]', $user['username']);
+ 	} else {
+ 		$header_label = __('[new]');
+ 	}
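Review bot: with html_escape() removed from `__('[edit: %s]', $user['username'])`, user_edit() now produces a raw label, and every function that receives `$header_label` has to escape it itself. The hunks in this file do that for user_realms_edit(), settings_edit(), graph_filter(), group_filter(), device_filter(), template_filter(), tree_filter(), member_filter() and the 'User Management %s' box. A grep for `$header_label` across user_admin.php before upload would confirm that no consumer outside these hunks is left printing the username unescaped.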
+@@ -1992,7 +1992,7 @@ function user_edit() {
+ 
+ 		form_start('user_admin.php');
+ 
+-		html_start_box(__('User Management %s', $header_label), '100%', '', '3', 'center', '');
++		html_start_box(__esc('User Management %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 		draw_edit_form(
+ 			array(
+@@ -2547,7 +2547,7 @@ function graph_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box(__('Graph Permissions %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__esc('Graph Permissions %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -2654,7 +2654,7 @@ function group_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box(__('Group Membership %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__esc('Group Membership %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -2740,7 +2740,7 @@ function device_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box(__('Devices Permission %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__esc('Devices Permission %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -2843,7 +2843,7 @@ function template_filter($header_label)
+ 	</script>
+ 	<?php
+ 
+-	html_start_box(__('Template Permission %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__esc('Template Permission %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -2928,7 +2928,7 @@ function tree_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box(__('Tree Permission %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__esc('Tree Permission %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -3013,7 +3013,7 @@ function member_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box(__('Tree Permission %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__esc('Tree Permission %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+Index: cacti/user_domains.php
+===================================================================
+--- cacti.orig/user_domains.php
++++ cacti/user_domains.php
+@@ -314,7 +314,7 @@ function domain_edit() {
+ 
+ 	if (!isempty_request_var('domain_id')) {
+ 		$domain = db_fetch_row_prepared('SELECT * FROM user_domains WHERE domain_id = ?', array(get_request_var('domain_id')));
+-		$header_label = __('User Domain [edit: %s]', html_escape($domain['domain_name']));
++		$header_label = __esc('User Domain [edit: %s]', $domain['domain_name']);
+ 	} else {
+ 		$header_label = __('User Domain [new]');
+ 	}
+Index: cacti/user_group_admin.php
+===================================================================
+--- cacti.orig/user_group_admin.php
++++ cacti/user_group_admin.php
+@@ -1316,7 +1316,7 @@ function user_group_realms_edit($header_
+ 
+ 	print "<div class='cactiTable' style='width:100%;text-align:left;'>
+ 		<div>
+-			<div class='cactiTableTitle'><span style='padding:3px;'>" . __('User Permissions') . " $header_label</span></div>
++			<div class='cactiTableTitle'><span style='padding:3px;'>" . __('User Permissions') . " " . html_escape($header_label) . "</span></div>
+ 			<div class='cactiTableButton'><span style='padding:3px;'><input class='checkbox' type='checkbox' id='all' name='all' title='" . __esc('Select All') . "' onClick='selectAllRealms(this.checked)'><label class='formCheckboxLabel' title='" . __esc('Select All') . "' for='all'></label></a><?php }?></span></div>
+ 		</div>
+ 	</div>\n";
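Review bot: `html_escape($header_label)` in the cactiTableTitle line encodes at the sink, while the group_edit() hunk further down in this file builds the label with `__esc('User Group Management [edit: %s]', $group['name'])`, which encodes at the source. If that label is the one passed to user_group_realms_edit(), the group name is encoded twice and a name containing `&` is displayed with a visible `&amp;`. The same applies to `__esc('User Settings %s', $header_label)` in the next hunk. This is a display defect rather than a security one, but it shows the file mixing two conventions; picking one layer for the escaping would avoid it.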
+@@ -1545,7 +1545,7 @@ function user_group_settings_edit($heade
+ 
+ 	form_start('user_group_admin.php', 'chk');
+ 
+-	html_start_box( __('User Settings %s', $header_label), '100%', true, '3', 'center', '');
++	html_start_box(__esc('User Settings %s', $header_label), '100%', true, '3', 'center', '');
+ 
+ 	foreach ($settings_user as $tab_short_name => $tab_fields) {
+ 		$collapsible = true;
+@@ -1672,7 +1672,7 @@ function group_edit() {
+ 	$tabs = api_plugin_hook_function('ugroup_tabs', $tabs);
+ 	if (!isempty_request_var('id')) {
+ 		$group = db_fetch_row_prepared('SELECT * FROM user_auth_group WHERE id = ?', array(get_request_var('id')));
+-		$header_label = __('User Group Management [edit: %s]', html_escape($group['name']));
++		$header_label = __esc('User Group Management [edit: %s]', $group['name']);
+ 	} else {
+ 		$header_label = __('User Group Management [new]');
+ 	}
+@@ -1706,7 +1706,7 @@ function group_edit() {
+ 
+ 		form_start('user_group_admin.php');
+ 
+-		html_start_box( $header_label, '100%', true, '3', 'center', '');
++		html_start_box($header_label, '100%', true, '3', 'center', '');
+ 
+ 		draw_edit_form(array(
+ 			'config' => array('no_form_tag' => true),
+@@ -2154,7 +2154,7 @@ function graph_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box( __('Graph Permissions %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__('Graph Permissions %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
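Review bot: this sink goes the opposite way from the same function in user_admin.php: html_escape() is removed and plain `__()` is kept in `__('Graph Permissions %s', $header_label)`, and the device_filter(), template_filter(), tree_filter() and member_filter() hunks below do the same. These five boxes are safe only as long as every caller passes a label that is already escaped, which the group_edit() hunk does through `__esc()` for the edit case. Using `__esc()` at the sink and a raw label in group_edit(), as user_admin.php does, would make the two files consistent and remove the dependency on the caller.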
+@@ -2262,7 +2262,7 @@ function device_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box( __('Devices Permission %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__('Devices Permission %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -2365,7 +2365,7 @@ function template_filter($header_label)
+ 	</script>
+ 	<?php
+ 
+-	html_start_box( __('Template Permission %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__('Template Permission %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -2450,7 +2450,7 @@ function tree_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box( __('Tree Permission %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__('Tree Permission %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+@@ -2535,7 +2535,7 @@ function member_filter($header_label) {
+ 	</script>
+ 	<?php
+ 
+-	html_start_box( __('User Membership %s', html_escape($header_label)), '100%', '', '3', 'center', '');
++	html_start_box(__('User Membership %s', $header_label), '100%', '', '3', 'center', '');
+ 
+ 	?>
+ 	<tr class='even'>
+Index: cacti/utilities.php
+===================================================================
+--- cacti.orig/utilities.php
++++ cacti/utilities.php
+@@ -216,7 +216,7 @@ function utilities_view_tech($php_info =
+ 	load_current_session_value('tab', 'sess_ts_tabs', 'summary');
+ 	$current_tab = get_nfilter_request_var('tab');
+ 
+-	$header_label = __('Technical Support [%s]', $tabs[get_request_var('tab')]);
++	$header_label = __esc('Technical Support [%s]', $tabs[get_request_var('tab')]);
+ 
+ 	if (cacti_sizeof($tabs)) {
+ 		$i = 0;
+Index: cacti/vdef.php
+===================================================================
+--- cacti.orig/vdef.php
++++ cacti/vdef.php
+@@ -399,7 +399,7 @@ function vdef_item_edit() {
+ 			WHERE id = ?',
+ 			array(get_request_var('vdef_id')));
+ 
+-		$header_label = __('VDEF Items [edit: %s]', html_escape($name));
++		$header_label = __esc('VDEF Items [edit: %s]', $name);
+ 	}else {
+ 		$header_label = __('VDEF Items [new]');
+ 	}
+@@ -556,7 +556,7 @@ function vdef_edit() {
+ 			WHERE id = ?',
+ 			array(get_request_var('id')));
+ 
+-		$header_label = __('VDEFs [edit: %s]', html_escape($vdef['name']));
++		$header_label = __esc('VDEFs [edit: %s]', $vdef['name']);
+ 	} else {
+ 		$header_label = __('VDEFs [new]');
+ 	}
diff -Nru cacti-1.2.2+ds1/debian/patches/5010719dbd160198be3e07bb994cf237e3af1308.patch cacti-1.2.2+ds1/debian/patches/5010719dbd160198be3e07bb994cf237e3af1308.patch
--- cacti-1.2.2+ds1/debian/patches/5010719dbd160198be3e07bb994cf237e3af1308.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/5010719dbd160198be3e07bb994cf237e3af1308.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,50 @@
+From 5010719dbd160198be3e07bb994cf237e3af1308 Mon Sep 17 00:00:00 2001
+From: cigamit <jimmy@sqmail.org>
+Date: Sun, 19 Jan 2020 09:10:28 -0600
+Subject: [PATCH] Resolving Issue #3201
+
+Vulnerability Report: Remote Code Execution due to input validation in Performance Boost Debug Log
+---
+ CHANGELOG         |  1 +
+ lib/functions.php | 12 ++++++++++++
+ settings.php      |  4 ++++
+ 3 files changed, 17 insertions(+)
+
+Index: cacti/lib/functions.php
+===================================================================
+--- cacti.orig/lib/functions.php
++++ cacti/lib/functions.php
+@@ -1469,6 +1469,18 @@ function prepare_validate_result(&$resul
+ 	}
+ }
+ 
++/** is_valid_pathname - takes a pathname are verifies it matches file name rules
++ *  @arg $path - (char) the pathname to be tested
++ *  @returns - either true or false
++*/
++function is_valid_pathname($path) {
++	if (preg_match('/^([a-zA-Z0-9.-\\\:\/]+)$/', trim($path))) {
++		return true;
++	} else {
++		return false;
++	}
++}
++
+ /* get_full_script_path - gets the full path to the script to execute to obtain data for a
+      given data source. this function does not work on SNMP actions, only script-based actions
+    @arg $local_data_id - (int) the ID of the data source
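Review bot: in the character class on the preg_match() line the unescaped `-` sits between `.` and the escaped backslash, so after PHP's single-quote unescaping PCRE reads `.-\\` as a range from `.` (0x2E) to `\` (0x5C). That range admits `;`, `<`, `=`, `>`, `?`, `@` and `[`, which a pathname check added in response to a remote code execution report presumably wants to reject. At the same time `_` (0x5F) and a literal `-` (0x2D) are outside the class, so a log path with an underscore or hyphen in its name fails validation. Moving `-` to the end of the class (or escaping it) and adding `_` would bring the pattern in line with what the doc comment describes. The doc comment also has a typo, "are verifies".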
+Index: cacti/settings.php
+===================================================================
+--- cacti.orig/settings.php
++++ cacti/settings.php
+@@ -102,6 +102,10 @@ case 'save':
+ 						$errors[9] = 9;
+ 						$continue = false;
+ 					}
++				} elseif (get_nfilter_request_var($field_name) != '' && !is_valid_pathname(get_nfilter_request_var($field_name))) {
++					$_SESSION['sess_error_fields'][$field_name] = $field_name;
++					$_SESSION['sess_field_values'][$field_name] = get_nfilter_request_var($field_name);
++					$errors[36] = 36;
+ 				}
+ 
+ 				if ($continue) {
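Review bot: the new elseif branch records `$errors[36]` and the session error fields but, unlike the `$errors[9]` branch directly above it, does not set `$continue = false`, and the next statement is `if ($continue) {`. If that block is where the setting is stored, a value that fails is_valid_pathname() is reported as an error and still saved. Adding `$continue = false;` to the new branch would make the rejection effective. Since the check is attached as an elseif, it also runs only when the preceding condition in the chain is not taken, which is worth a second look for the field this fix targets.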
diff -Nru cacti-1.2.2+ds1/debian/patches/b1c70e19466a6e69284e24cde437b55ccc454bee.patch cacti-1.2.2+ds1/debian/patches/b1c70e19466a6e69284e24cde437b55ccc454bee.patch
--- cacti-1.2.2+ds1/debian/patches/b1c70e19466a6e69284e24cde437b55ccc454bee.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/b1c70e19466a6e69284e24cde437b55ccc454bee.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,22 @@
+From b1c70e19466a6e69284e24cde437b55ccc454bee Mon Sep 17 00:00:00 2001
+From: Chi Tran <chit@smu.edu>
+Date: Thu, 23 Jan 2020 02:42:44 -0600
+Subject: [PATCH] update relative to issue #3191 (#3213)
+
+---
+ lib/clog_webapi.php | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+Index: cacti/lib/clog_webapi.php
+===================================================================
+--- cacti.orig/lib/clog_webapi.php
++++ cacti/lib/clog_webapi.php
+@@ -769,7 +769,7 @@ function clog_regex_datasource($matches)
+ 			if (array_key_exists($ds_id, $ds_titles)) {
+ 				$ds_title = $ds_titles[$ds_id];
+ 			}
+-			$result .= ($i == 0 ? '':', ') . "<a href='" . html_escape($config['url_path'] . 'data_sources.php?action=ds_edit&id=' . $ds_id) . "'>" . $ds_title . '</a>';
++			$result .= ($i == 0 ? '':', ') . "<a href='" . html_escape($config['url_path'] . 'data_sources.php?action=ds_edit&id=' . $ds_id) . "'>" . html_escape($ds_title) . '</a>';
+ 
+ 			$i++;
+ 		}
diff -Nru cacti-1.2.2+ds1/debian/patches/ec0d1f8422405500d7f4792071e3b313df10bd19.patch cacti-1.2.2+ds1/debian/patches/ec0d1f8422405500d7f4792071e3b313df10bd19.patch
--- cacti-1.2.2+ds1/debian/patches/ec0d1f8422405500d7f4792071e3b313df10bd19.patch	1970-01-01 01:00:00.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/ec0d1f8422405500d7f4792071e3b313df10bd19.patch	2020-06-18 22:34:41.000000000 +0200
@@ -0,0 +1,65 @@
+From ec0d1f8422405500d7f4792071e3b313df10bd19 Mon Sep 17 00:00:00 2001
+From: TheWitness <thewitness@cacti.net>
+Date: Tue, 24 Mar 2020 18:13:16 -0400
+Subject: [PATCH] Regression related to automatic logout and guest account for
+ issue #3343
+
+---
+ include/global_session.php |  7 +++++--
+ lib/auth.php               | 13 ++++++++-----
+ 2 files changed, 13 insertions(+), 7 deletions(-)
+
+Index: cacti/include/global_session.php
+===================================================================
+--- cacti.orig/include/global_session.php
++++ cacti/include/global_session.php
+@@ -85,13 +85,14 @@ if (isset($_SESSION['refresh'])) {
+     if (isset($_SESSION['refresh']['logout'])) {
+         $refreshIsLogout = $_SESSION['refresh']['logout'];
+     } else {
+-		$refreshIsLogout = 'true';
++		$refreshIsLogout = 'false';
+ 	}
+ 
+     if (isset($_SESSION['refresh']['page'])) {
+         $myrefresh['page'] = sanitize_uri($_SESSION['refresh']['page']);
+     } else {
+ 		$myrefresh['page'] = $config['url_path'] . 'logout.php?action=timeout';
++		$refreshIsLogout   = 'true';
+ 	}
+ 
+ 	unset($_SESSION['refresh']);
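Review bot: the second else branch sets `$refreshIsLogout = 'true'` unconditionally, so when `$_SESSION['refresh']['logout']` is set but `$_SESSION['refresh']['page']` is not, the value just read from the session is overwritten. If that is intended because the fallback page is logout.php?action=timeout, a one-line comment saying so would help the next reader. The lines touched here also mix space and tab indentation.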
+Index: cacti/lib/auth.php
+===================================================================
+--- cacti.orig/lib/auth.php
++++ cacti/lib/auth.php
+@@ -657,25 +657,24 @@ function is_realm_allowed($realm) {
+ 		}
+ 
+ 		if (!user_perms_valid($_SESSION['sess_user_id'])) {
+-			kill_session_var('sess_user_realms');
+-			kill_session_var('sess_user_config_array');
+-			kill_session_var('sess_config_array');
+-
+ 			$enabled = db_fetch_cell_prepared('SELECT enabled
+ 				FROM user_auth
+ 				WHERE id = ?',
+ 				array($_SESSION['sess_user_id']));
+ 
+-			if ($enabled == '') {
++			if ($enabled == '' && get_guest_account() != $_SESSION['sess_user_id']) {
+ 				db_execute_prepared('DELETE FROM user_auth_cache
+ 					WHERE user_id = ?',
+ 					array($_SESSION['sess_user_id']));
+ 
+ 				kill_session_var('sess_user_id');
++				kill_session_var('sess_user_realms');
++				kill_session_var('sess_user_config_array');
++				kill_session_var('sess_config_array');
+ 
+ 				print '<span style="display:none;">cactiLoginSuspend</span>';
+ 				exit;
+ 			}
+ 		}
+ 
+ 		if (isset($_SESSION['sess_user_realms'][$realm])) {
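Review bot: moving the three kill_session_var() calls inside the `$enabled == ''` branch means that when user_perms_valid() fails for an account that is still enabled, or for the guest account, `sess_user_realms` is no longer cleared, and the `isset($_SESSION['sess_user_realms'][$realm])` check that follows can be answered from the stale session copy. Please confirm that a permission change for an enabled user is still picked up elsewhere, otherwise this regression fix trades the logout problem for cached realms that outlive a revocation. Separately, `$enabled == ''` is a loose comparison on the result of db_fetch_cell_prepared(); an explicit test for the no-row case would make clear which condition triggers the session teardown.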
diff -Nru cacti-1.2.2+ds1/debian/patches/series cacti-1.2.2+ds1/debian/patches/series
--- cacti-1.2.2+ds1/debian/patches/series	2019-12-29 19:53:28.000000000 +0100
+++ cacti-1.2.2+ds1/debian/patches/series	2020-06-18 22:34:41.000000000 +0200
@@ -8,3 +8,11 @@
 CVE-2019-17357.patch
 CVE-2019-17358.patch
 CVE-2019-16723.patch
+28fcdb9c60d1feee08c25c7c8bb61bf707f201bc.patch
+5010719dbd160198be3e07bb994cf237e3af1308.patch
+4cbb045e03ee20a2bd09094a201a925fbb8a39d9.patch
+47a000b5aba4af16967e249b25f25397506e3464.patch
+b1c70e19466a6e69284e24cde437b55ccc454bee.patch
+107bfecebfdd060a81b91f146471648ebb7284a0.patch
+25abe64483752f7585ae17b699167b0abe849833.patch
+ec0d1f8422405500d7f4792071e3b313df10bd19.patch
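Review bot: the eight added entries are named by upstream commit hash, while the existing entries above them are named by CVE, so the series file no longer shows which patch answers which report. Renaming the files, or adding `#` comment lines with the CVE or upstream issue number next to each entry, would make a later audit of this stable update easier.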

Attachment: signature.asc
Description: OpenPGP digital signature

